Begin Main Content Area

PCCD CONCEPT PAPER AND GRANT APPLICATION TECHNOLOGY CONDITIONS

 

Compliance with State and Federal Information Technology Grant Conditions:

 
PCCD is required to include mandated subgrant conditions for Information Technology (IT) Grants.  These conditions are required in order to ensure that technology projects funded by PCCD are compatible with state and federal IT standards and requirements.

State Technology Condition Information:
 
All IT components (hardware, software and/or firmware) funded through this award must be compliant with applicable Commonwealth IT Standards (as referenced in Pennsylvania Office of Administration’s Information Technology Policies (ITPs) that have been promulgated at the time of this award.
 
In addition, if technology is being implemented as part of a larger IT project, these components must also comply with all Office of Administration (OA) standards that have been promulgated at the time the hardware/software specifications of the detailed system design are approved by the (OA/OIT) project manager.
 
A listing of the Commonwealth IT Standards is found at:
 
 
In addition, all grantees must review these standards quarterly during the project funding cycle, as well as at major project milestones through design, finalization and procurement.  Deviation from Commonwealth IT standards will require final approval from program staff within PCCD, who will coordinate this review process with OA/OIT.
 
Federal Technology Condition Information:
The Global Standards Council (GSC) was created to support the work of DOJ's Global working groups and related bodies by coordinating the establishment of a common, consistent, and standards-based approach to implementing justice information sharing solutions. To further this goal, the GSC developed the Global Standards Package (GSP) which describes a full information sharing technology standards implementation suite that addresses data standardization, messaging architecture, security, and privacy requirements. In order to promote consistency and interoperability of systems across the justice and public safety community, OJP requires grantee compliance to the GSP and all components thereof. In addition to offering a common mechanism to share information across agencies, the GSP also promotes the use of open, consensus-based standards to avoid proprietary or restrictive approaches to system integration and interface development. This approach enables adopters to fully realize the cost savings and operational efficiencies that have been demonstrated by those who have already implemented elements of the GSP.
Compliance to the GSP requires conformance to all components of the GSP whenever applicable. If the grantee is planning to exchange information across agencies or systems using a common data format, such format is required to be conformant to the National Information Exchange Model (NIEM). If the grantee is planning to adopt a service-oriented approach to sharing information, it must leverage the Global Reference Architecture (GRA), and so on. The primary components of the GSP are as follows:
 
·         National Information Exchange Model (NIEM)
·         Global Reference Architecture (GRA)
·         Global Federated Identity and Privilege Management (GFIPM)
 
In addition, certain GSP components enable the development of national, or "reference," specifications that further promote reuse for enhanced interoperability. Whenever applicable, these reference specifications should be used as a foundation for implementation of complementary business processes. If the grantee wishes to use an alternate format for which a reference specification already exists, specific justification must be included in the grant application narrative.
National Information Exchange Model (NIEM)—the NIEM data model and tools are supported by a robust governance process and program management office. NIEM conformance is defined explicitly across a number of dimensions, including data modeling, XML representation, exchange development, and implementation. Detailed guidance on NIEM conformance for grantees can be found ahttps://www.niem.gov/getting-started. NIEM also maintains a repository of reusable exchange specifications that can be found at https://www.it.ojp.gov/implementation/niem-iepd.
Global Reference Architecture (GRA)—the GRA provides both a reference architecture to speed agency adoption of Service-Oriented Architecture (SOA)-based approaches to information sharing, as well as a standard methodology for developing particular service specifications that align with specific business functions. Conformance to the GRA generally relies on adherence to the GRA Framework for the former and to the GRA Service Specification Guidelines for the latter. Detailed guidance on GRA implementation for grantees can be found at https://www.it.ojp.gov/initiatives/gra On the same page can be found a listing of reference service specification packages (SSPs) that should be reused whenever applicable.
Global Federated Identity and Privilege Management (GFIPM)—the GFIPM specifications and guidelines are designed to support secure access to various information systems based on commonly understood and applied protocols for user access and attribute-based access control policies. Rather than serving as a universal approach to securing justice information systems, GFIPM should be used in particular cases where regional, multijurisdictional, or cross-boundary information sharing is occurring and there is a need to create a “federation” of participants who must agree on policy and technical solutions to satisfy interoperability requirements. Conformance to GFIPM primarily relies on use of the GFIPM Metadata standard and adherence to operational policies and procedures. Detailed guidance on GFIPM implementation can be found at https://www.it.ojp.gov/initiatives/gfipm.
As stated above, compliance with the GSP is dependent on the grantee conforming to each of the GSP’s normative components above, whenever applicable. For instance, if the grantee is supporting a project to integrate two reporting systems that already operate within the same security environment and there are no new access control provisions required, then conformance to the NIEM and GRA components of the GSP will be sufficient to satisfy the requirement to comply with the GSP. In general, OJP does not require formal certification of software, tools, etc., to verify conformance. However, additional requirements may be imposed by particular funding programs. In cases where software or services are being procured from private sector partners, the grantee should follow procedures such as those recommended by the IJIS Institute to ensure that procured services are in fact conformant. See http://www.ijis.org/?page=Info_Share_Standards.
In addition to complying with the GSP, grantees are also required to adequately address the protection of privacy and civil liberties of those subjects whose data are being shared. OJP requires that prior to implementation of an information exchange solution that such exchange must be governed by an appropriate privacy policy that meets the minimum standards as described by DOJ’s Global Privacy Guide. If the exchange is covered under an existing or umbrella policy, then such policy should be noted and communicated to the grant office prior to execution. For a comprehensive set of resources to address privacy protection in information sharing projects, please visit http://www.it.ojp.gov/privacy.
 
PCCD will use the following checklist for determining when to apply this special condition:
 
·         The grant seeks to develop new justice or public safety information sharing.
 
·         The proposed information exchange is between more than one justice organizations, now or in the foreseeable future.
 
·         If yes to both, the special conditions must be applied.
 
Concept papers and applications requesting technology development, enhancements or acquisition will be jointly reviewed with PCCD’s Information Technology Planning and Services Unit.